In the prior art, programming a vehicular electronic control unit (ECU) requires that the vehicle be present at an authorized location (e.g., a manufacturing or assembly facility, a dealership, or an authorized repair facility) and directly hardwired to a programming tool. Recently, remote wireless programming of ECUs has been developed to allow greater programming flexibility. With this change, security has shifted from physical mechanisms to password, gateway, and cryptographic authentication mechanisms for controlling access. Unfortunately, the security afforded by these wireless access-control algorithms does not provide a sufficiently high level of assurance against malicious attacks, such as, for example, the communication of viruses or other harmful or undesired programs to ECUs. Where a malicious communicator has access to the password or cryptographic key, and the gateway provisions are true (e.g. the vehicle or device is at an authorized location), the communication will be accepted.
It will be appreciated that this concern extends to programming (e.g. corruption), providing input to (e.g. virus downloading), or eliciting output from (e.g. theft, spying, etc.) vehicular ECUs or other mobile devices, including, for example, mobile telephones and mobile computing devices. As telematic applications, and wireless communication capability among devices become increasingly prevalent, the ability to discern an authorized communication becomes increasingly significant. Toll booths or parking garages, for example, might be adapted to wirelessly query vehicles for identification or even for payment information, but, as mentioned, password and cryptographic mechanisms do not afford sufficient security against the illicit collection of such information.
Thus, an improved system and method of controlling access to a vehicular ECU or mobile device is needed.